gpg: Report STATUS_NO_SECKEY when it is examined.
NIIBE Yutaka <gniibe@fsij.org>, 2019-01-16T01:27:21Z
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=dafffa95b2317bcb80fff1fd6d2bc7b4e6b1e206

gpg: Prepare for signatures with ISSUER_FPR but without ISSUER.
Werner Koch <wk@gnupg.org>, 2018-07-05T18:55:32Z
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=f7526c7bc754acf68bde0b79c785e875a9365d60

gpg: Sanitize diagnostic with the original file name.
Werner Koch <wk@gnupg.org>, 2018-06-08T08:45:21Z
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=13f135c7a252cc46cff96e75968d92b6dc8dce1b

gpg: Sanitize diagnostic with the original file name.
* g10/mainproc.c (proc_plaintext): Sanitize verbose output.
--
This fixes a forgotten sanitation of user supplied data in a verbose
mode diagnostic. The mentioned CVE is about using this to inject
status-fd lines into the stderr output. Other harm could as well be
done. Note that GPGME based applications are not affected because
GPGME does not fold status output into stderr.
CVE-id: CVE-2018-12020
GnuPG-bug-id: 4012

gpg: Also detect a plaintext packet before an encrypted packet.
Werner Koch <wk@gnupg.org>, 2018-06-06T13:46:24Z
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=344b548dc71657d0285d93f78f17a2663b5e586f

gpg: Also detect a plaintext packet before an encrypted packet.
* g10/mainproc.c (proc_encrypted): Print warning and later force an
error.
--
Note that when this error is triggered the plaintext from the literal
data packet has already been outputted before the BEGIN_DECRYPTION
status line. We fail only later to get more information. Callers
need to check and act upon the decryption error code anyway.
Thanks to Marcus for pointing out this case.
GnuPG-bug-id: 4000
Signed-off-by: Werner Koch <wk@gnupg.org>

gpg: Print a hint on how to decrypt a non-mdc message anyway.
Werner Koch <wk@gnupg.org>, 2018-05-31T10:59:40Z
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=874e391665405fc413a69f2ffacdb94bb08da7ff

gpg: Extend the "sig" record in --list-mode.
Werner Koch <wk@gnupg.org>, 2018-04-12T15:53:17Z
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=69c3e7acb744e1e5606a4d946e3b948704cfbbae

gpg: Extend the "sig" record in --list-mode.
* g10/getkey.c (get_user_id_string): Add arg R_NOUID. Change all
callers.
(get_user_id): Add arg R_NOUID. Change all callers.
* g10/mainproc.c (issuer_fpr_string): Make global.
* g10/keylist.c (list_keyblock_colon): Print a '?' for a missing key
also in --list-mode. Print the "issuer fpr" field also if there is an
issuer fingerprint subpacket.
--
Scripts used to rely on the "User ID not found" string even in the
--with-colons listing. However, that is not a good idea because that
string is subject to translations etc. Now we have an explicit way of
telling that a key is missing. For example:
  gpg --list-sigs --with-colons | \
    awk -F: '$1=="sig" && $2=="?" {if($13){print $13}else{print $5}}'
Prints all keyids or fingerprints of signing keys for which we do not
have the key in our local keyring.
Signed-off-by: Werner Koch <wk@gnupg.org>

gpg: Extend the ERRSIG status line with a fingerprint.
Werner Koch <wk@gnupg.org>, 2018-04-12T14:41:05Z
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=23a714598c247d78cfda46a6dc338b17e17cc194

gpg: Extend the ERRSIG status line with a fingerprint.
* g10/mainproc.c (issuer_fpr_raw): New.
(issuer_fpr_string): Re-implement using issuer_fpr_raw.
(check_sig_and_print): Don't free ISSUER_FPR. Use ISSUER_FPR_RAW.
Use write_status_printf. Extend ERRSIG status.
--
Modern OpenPGP implementations put the ISSUER_FPR into the signature
to make it easier to discover the public key needed to check the
signature. This is also useful in error messages and thus we add it.
Signed-off-by: Werner Koch <wk@gnupg.org>